Cisco on Wednesday announced patches for multiple vulnerabilities, including two critical-severity flaws in the Identity Services Engine (ISE) enterprise security solution.
The critical bugs, tracked as CVE-2025-20124 and CVE-2025-20125 and impacting ISE APIs, could allow a remote attacker authenticated with read-only administrative privileges to execute arbitrary commands on a vulnerable device.
Because user-supplied Java byte streams are insecurely deserialized, CVE-2025-20124 (CVSS score of 9.9) could allow an attacker to send crafted serialized Java objects to the vulnerable API to execute arbitrary commands and elevate privileges.
CVE-2025-20125 (CVSS score of 9.1) is due to lack of authorization in an API and improper validation of user input, allowing an attacker to send crafted HTTP requests to the API and retrieve information, tamper with the device configuration, and reload the device.
Patches for these security defects were included in ISE versions 3.1P10, 3.2P7, and 3.3P4. Cisco says there are no workarounds for either of these bugs. Users are advised to update their ISE installations as soon as possible.
On Wednesday, the tech giant also warned of multiple high-severity vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS, IOS XE, and IOS XR that could allow remote, authenticated attackers to cause a denial-of-service (DoS) condition.
Tracked as CVE-2025-20169 to CVE-2025-20176, the flaws exist because errors are improperly handled when SNMP requests are parsed, allowing attackers to send crafted SNMP requests that force devices to reload unexpectedly, resulting in a DoS condition.
Cisco says there are no workarounds for these vulnerabilities, which were reported through the Trend Micro Zero Day Initiative, but has released mitigations and is working on patches that are expected to roll out in February and March.
The company also announced fixes for multiple medium-severity vulnerabilities in ISE, Expressway series devices, Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance that could lead to malicious file downloads, information leaks, command execution, and cross-site scripting (XSS) attacks.
Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page.